November 29, 2017

Subscribe

Supreme Court considers if your privacy rights include location data

by John_A

With all the attention focused on the FCC’s upcoming vote to dismantle net neutrality protections, it’s easy to have missed an upcoming hearing that has the potential to reshape electronic-privacy protection. Today, the Supreme Court is hearing arguments in Carpenter v. United States — and at issue is cellphone-tower location data that law enforcement obtained without a warrant.

Defendant Timothy Carpenter, who was convicted as the mastermind behind two years of armed robberies in Michigan and Ohio, has argued that his location data, as gathered by his cellphone service provider, is covered under the Fourth Amendment, which protects citizens against “unreasonable searches and seizures.” Thus far, appeals courts have upheld the initial decision that law enforcement didn’t need a warrant to acquire this data, so the Supreme Court is now tasked with determining whether this data is deserving of more-rigorous privacy protection.

This case has been going on for years, so let’s get some background details out of the way. Amy Howe, formerly a reporter and editor for SCOTUSblog, describes how law enforcement asked cellphone service providers for details on 16 phone numbers tied to the crimes, including Carpenter’s number and that of a co-defendant. That data included months of cell-site-location information (CSLI) that shows precise GPS coordinates of cellphone towers plus the date and time that a phone tried to connect to the tower in question. The FBI used this to create a map of where the phone and its owner were at any given time. The FBI received multiple months of data, not just data for the days, and was never asked to produce a warrant.

The FBI’s explanation, which the courts have thus far backed up, relies on a legal principle known as the third-party doctrine. Jennifer Lynch from the Electronic Frontier Foundation explains that the third-party doctrine states that information you voluntarily share with “someone else” isn’t protected by the Fourth Amendment, because third parties aren’t legally bound to keep the info you shared with them private. And the definition of “someone else” is quite broad — in this case, the courts view the data that cellphone providers collect as something customers are voluntarily sharing, simply by using their services.

Carpenter has argued that the third-party doctrine was not intended to be applied to things like cellphones. That’s largely because the legal backing of the third-party doctrine is based on two Supreme Court cases from the 1970s, years before the first cellphone even went on sale to the public. Simply put, the way courts are ruling on third-party doctrine doesn’t make sense in an age when so much sensitive information is bound up in our cellphones.

There’s also a 2012 Supreme Court case that could back up Carpenter’s argument. In United States v. Jones, the Supreme Court unanimously ruled that it was a Fourth Amendment violation to attach a GPS unit to a car without a search warrant. The FBI had planted the GPS onto a car parked on private property and used it to track its position every 10 seconds for a full month. That’s more granular than the location info you get from a cellphone, but the cases do have some similarities.

After the court’s decision, Justice Sonia Sotomayor wrote that the third-party doctrine was “ill suited to the digital age” and expressed her opinion that privacy case law was failing to keep up with the rapid changes that smartphones and other technology are making to how we as a society view privacy. “People disclose the phone numbers that they dial or text to their cellular providers, the URLS that they visit and the e-mail addresses with which they correspond to their Internet service providers, and the books, groceries and medications they purchase to online retailers,” she wrote. “I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.”

Some of the world’s biggest tech companies, including Apple, Facebook, Microsoft, Google, Twitter and even Verizon agree with Sotomayor. In August, a total of 15 companies filed an amici curiae brief related to the Carpenter case in which they argue that “fourth amendment doctrine must adapt to the changing realities of the digital era” and that “rigid analog-era rules should yield to consideration of reasonable expectations of privacy in the digital age.” Of course, this argument may not win over the Supreme Court, but its ruling in the 2012 GPS case shows that the justices could be in favor of stronger privacy protection.

Unfortunately for those who believe in expanded privacy rights, lower courts have so far sided with the third-party doctrine when it comes to CSLI. Lynch writes that “five federal appellate courts, in deeply divided opinions, have held that historical CSLI isn’t protected by the Fourth Amendment — in large part because the information is collected and stored by third-party service providers.” We’ll find out soon whether the Supreme Court is ready to break with those past rulings, a move that could lead both to freedom for Timothy Carpenter and a new precedent for privacy in the age of the smartphone.